Re: [OpenWrt-Devel] nftables: named counters broken on 18.06.4

Wed, 11 Sep 2019 07:26:26 -0700 

On Tue, 10 Sep 2019 at 16:20, Salvatore Mesoraca <[email protected]> wrote:
>
> Hi,
>
> I'm experiencing a problem with nftables' named counters with OpenWrt 18.06.4 
> on a NetGear R7800.
> This is an example of what I get:
>
> # uname -a
> Linux OpenWrt 4.14.131 #0 SMP Thu Jun 27 12:18:52 2019 armv7l GNU/Linux
> # nft flush ruleset
> # nft add table inet filter
> # nft add counter inet filter mycounter
> # nft add chain inet filter output { type filter hook output priority 0 \; }
> # nft add rule inet filter output counter name mycounter
> Error: Could not process rule: No such file or directory
> add rule inet filter output counter name mycounter
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> # nft list ruleset
> table inet filter {
>         counter mycounter {
>                 packets 0 bytes 0
>         }
>
>         chain output {
>                 type filter hook output priority 0; policy accept;
>         }
> }
>
> Running the failing command using strace I can tell that the ENOENT error is 
> received from the kernel via Netlink.
> It's similar to what I get if I try to reference a non-existent counter, but 
> "mycounter" exists.
> If I remove "name mycounter" from the command line, it works. Of course it 
> creates an anonymous counter.
> The message sent via Netlink looks correct, so I think that the problem 
> resides in kernel.
>
>
> On a PC with 4.15 the same command sequence works flawlessly:
>
> # nft flush ruleset
> # nft add table inet filter
> # nft add counter inet filter mycounter
> # nft add chain inet filter output { type filter hook output priority 0 \; }
> # nft add rule inet filter output counter name mycounter
> # nft list ruleset
> table inet filter {
>         counter mycounter {
>                 packets 0 bytes 0
>         }
>
>         chain output {
>                 type filter hook output priority 0; policy accept;
>                 counter name "mycounter"
>         }
> }
>
> Any ideas?

Solved.
For future reference:
The kernel was missing CONFIG_NFT_OBJREF, without this option you can
create named counters, but you can't actually use them.

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to